Security researchers have identified a surveillance tool, known as EagleMsgSpy, reportedly used by Chinese law enforcement to gather sensitive data from Android devices within China.
The spyware, revealed by U.S. cybersecurity firm Lookout at the Black Hat Europe conference, has been operational since at least 2017. According to Kristina Balaam, a senior intelligence researcher at Lookout, it has been deployed by numerous public security bureaus in mainland China. The tool collects extensive information from devices, including call logs, contacts, GPS data, bookmarks, and messages from apps like Telegram and WhatsApp. It can also record smartphone screens and capture audio during use.
Lookout uncovered a manual describing EagleMsgSpy as a "judicial monitoring product" designed to covertly track suspects and monitor all their mobile activities. Balaam attributes the tool's development to Wuhan Chinasoft Token Information Technology, a private Chinese tech company. She highlights its connections to public security bureaus, which function as local police offices in China.
The extent of EagleMsgSpy's usage, including the number of individuals affected, remains unclear. While the tool is primarily intended for domestic surveillance, Balaam warns that travelers to China might also be at risk. She notes the tool's infrastructure suggests it could be used to monitor individuals beyond China's borders, regardless of citizenship.
EagleMsgSpy’s infrastructure overlaps with other China-linked surveillance tools, such as CarbonSteal, previously used to target Tibetan and Uyghur communities. The spyware currently requires physical access to target devices, but Balaam cautions that its capabilities are still evolving. As recently as late 2024, development continued, raising the possibility that future versions might not require physical access.
Additionally, Lookout’s research hints at the potential existence of an iOS version of EagleMsgSpy, which has yet to be discovered.